At the end of 2017 there were more than a million new malware samples found for Windows per day. The old ways of protecting computers are not powerful enough anymore. Join to learn how one of the leading security experts in the world, Sami Laiho, explains how to protect your endpoints proactively. You’ll learn tips & tricks on how to implement hard disk encryption, Whitelisting and Principle of Least Privilege.
Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security for more than 15 years. Sami’s session was evaluated as the best session in TechEd North America, Europe and Australia in 2014, and Nordic Infrastructure Conference in 2016 and 2017. At Ignite 2017 Sami was evaluated as the Best External Speaker! Sami is also an author at PluralSight and the newly appointed conference chair at the TechMentor conference.
Jason Dion, CISSP - Cyber Security Trainer at Dion Training Solutions
A brief overview of the Attacker's Methodology. In this webinar we began our quest to think like an attacker. We will cover the 6 stages of an attack: reconnaissance, scanning & enumeration, gaining access, escalating privileges, maintaining access, and covering your tracks.
In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing. Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
Dr. Ron Ross, Mr. Richard Spires, and Dr. Victor Berlin
Dr. Ron Ross (NIST), Richard Spires (Learning Tree Int’l), and Dr. Victor Berlin (Mission Critical Institute) will discuss how hiring Certified NIST RMF Professionals can be your key to cybersecurity breach protection.
Dr. Ron Ross, Fellow, National Institute of Standards and Technology
Ron Ross is a Fellow at the National Institute of Standards and Technology. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the NIST Risk Management Framework.
Mr. Richard Spires, CEO, Learning Tree International (CIO, DHS, IRA ret.)
Richard Spires is CEO of Learning Tree International. Previously he has served as the U.S. Department of Homeland Security’s (DHS) Chief Information Officer (CIO) and IRS’s CIO. Spires also served as the Vice-Chairman of the Federal Government CIO Council and the Co-Chairman of the Committee for National Security Systems (CNSS).
Dr. V. N. Berlin, CEO, Mission Critical Institute
Victor Berlin is the CEO of Mission Critical Institute (MCI). MCI enables universities to graduate career-ready cybersecurity risk management professionals by utilizing MCI’s cutting-edge cybersecurity education system. Dr. Berlin has over 15 years of cybersecurity graduate level education experience which includes serving as the founding president of the first accredited cybersecurity graduate university, University of Fairfax.
Security professionals are constantly in a state of adversity, always trying to battle the unseen advisory with little resources and lack of understanding from leadership. Often there is little to no recognition of a job well done, because no one can see the results of a good security team, no breach. It is only when there is an issue that the lights shine on the security team and that is when everyone asks why is it going wrong? This makes leadership within security that much harder, how do you help a team that is up against constant adversity from burning out and leaving. In this webinar, Sharon Smith will discuss the Five Pillars of a high performance security team and how you as a leader can tap into these to help your team achieve more and get better results.
Shawn Riley, Chief Data Officer | Cybersecurity Scientist at DarkLight
"Artificial Intelligence" is arguably one of the most over-used terms in cybersecurity today and despite the potential, most organizations are in the dark about how best to apply it -- and more importantly, how to explain the results it produces. We will discuss how encoding expert tradecraft using scientific methods and common knowledge / data models - can produce AI with explainable results for improved investigation and an active cyber defense.
Candid Wueest, Principal Threat Researcher, Symantec
Financial institutions are increasingly facing attacks on multiple fronts.
Cyber criminals continue to target online banking using malware to hijack customer transactions and banking sessions. While there has been an overall drop in infections related to these consumer threats, financial institutions are now facing new types of attacks in the form of large-scale financial heists.
Attack groups such as Fin7 and Lazarus are deliberately targeting financial institutions in audacious attacks that are reaping large rewards. They are using living off the land and fileless attack tactics similar to APT groups. But also extortion with DDoS attacks or business email compromise (BEC) scams are increasingly bothering financial corporations.
In this webcast on the current financial threat landscape, Symantec takes a look at the most prevalent and significant financial threats.
In this webcast we will review:
- The top threats facing financial institutions with statistics and examples
- Explore the most common techniques employed in financial attacks
- Provide case studies of the most high-profile financial attacks of the past 12 months
Effective responses to modern IT risks requires a transition from cyber security to cyber defense. This presentation introduces analysis based on proven military tools to understand, assess, and defend against cyber-attack. See how Petya worked its way in, and how to defend against it. Take away valuable tools and frameworks to develop your defenses.
Griff is trained as a Canadian Infantry Officer and is a graduate of the Johnson-Shoyama Graduate School of Public Policy. After a two-year stint as a Strategic Policy Analyst at the Treasury Board Secretariat in Ottawa, he moved to London where he completed a Master’s Degree at the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017. He is London based, where he and his wife are expecting their first child shortly.
When you hear the term Social Engineering, the first thing that pops into your mind will invariably be phishing emails. However, there are many aspects of social engineering that are, more often than not, completely overlooked. Identity impersonation, physical penetration, and various other means can just as easily be employed to breach company after company. While the ability to detect malware and other types of breaches get better by the day, these types of attacks are rarely discovered quickly, if at all. Enterprise level security accounts for many of these, but rarely all. Join the indepth discussion of how Social Engineering can be dangerous for an organization and what can be done about.
Previously, Mr. McCrory was one of the founding employees of PhishMe, Inc. where he developed and ran many social engineering engagements as a Managed Services Consultant, teaching management of various Fortune 500 and Global 100 comapnies how to deal with phishing and on occassion, various other forms of social engineering attacks.
Mr. McCrory is also currently working on his first book and working as an independent consultant.
Kelly Handerhan, CISSP, PMP, CASP, CEH, Cybrary.it SME
Federal contractors that process, store or transmit what’s called Controlled Unclassified Information have until December to implement new, more stringent security guidelines to protect that information. Chances are your organization already meets some of the requirements, but it’s unlikely that you meet them all. Join us to identify what’s new, what’s not, what you have to do and how to assess the impact.
Ahmed Banafa, Lecturer and IoT Expert, College of Engineering, San Jose State University
As the Internet of Things (IoT) adds more and more devices to the digital fold every day, organizations of all sizes are recognizing the IoT's potential to improve business processes and, ultimately, accelerate growth.
Meanwhile, the number and variety of IoT solutions has expanded exponentially, creating real challenges. Chief among them: the urgent need for a secure IoT model for performing common tasks such as sensing, processing, storing information, and communicating. But developing such a model involves overcoming numerous hurdles.
Of course, there are multiple ways of looking at the IoT. For instance, the system view divides the IoT into blocks, such as connected things, gateways, network services, and cloud services, while the business view consists of platform, connectivity, business model, and applications. But one common thread connects all these views: security is paramount
IoT applications and devices is the next wave of technology, but security is a big concern. This webinar will explain the convergence of IoT and Blockchain technology.
Robert Johnston, CISSP, Adlumnin, Co-Founder & Chief Executive Officer
Corporate breaches continue to succeed because attackers can steal the legitimate identities of your employees and use those identities to attack your infrastructure. Far deadlier than malware based attacks, identity based attacks can go undetected for months or years because perpetrators impersonate the methods used by your various privileged accounts as if they were that user. Attackers have changed their methods from the now outdated malware based attacks to the evolved identity based attacks. Learn how analytics, deception, and data streams are saving the security industry, or would have at least saved the Democratic National Committee.
Robert Johnston, CISSP
Behavior Analytics, Active Defense, President & CEO Adlumin.com, Technology Entrepreneur
Previously Mr. Johnston worked in the private sector as a principal consultant at CrowdStrike, Inc as an incident response expert conducting engagements against nation state, criminal, and hacktivist organizations across a variety of industry sectors.
Previously Mr. Johnston served as an officer in the United States Marine Corps. As a Marine Officer he was the Team Lead of 81 National Cyber Protection Team, Cyber National Mission Force and the Director of the Marine Corps Red Team. He is an accomplished leader and technical expert within the cyber security community. Mr. Johnston is a 2008 United States Naval Academy graduate with a degree in Information Technology.
He has published multiple projects and articles in industry relevant magazines and peer reviewed journals. An avid speaker within the cyber security community (ISC)2 awarded him runner up for the best up-and-coming cyber security professional in North, Central, and South America and the winner of the 2015 Community Awareness Government Information Security Leadership Award. Mr. Johnston can be followed on Twitter at @dvgsecurity.
The three emerging pillars of cybersecurity include Risk Management, Cloud Security, and Cryptography. Cybersecurity can't be implemented efficiently without risk management. The cloud is taking over and here to stay. Cryptography is the clue that holds it all together.
Donald Parker, CISSP, CCSK, ITIL, MCSE
As a Sergeant in the US Army, cybersecurity instructor, inventor, author, and consultant to the Federal Government, Donald Parker has dedicated his entire career of over 23 years to the Information Technology industry with a special focus on Information Security. Mr. Parker has taught CISSP and other cybersecurity classes all over the United States and abroad, including Holland, Germany, and Guam. He holds a US patent for a physical computer security device that he believes will provide the greatest defense to one of the greatest threats on the Internet, Bot Networks. He has also developed a mechanical cryptographic cipher. Donald has authored a book on passing the CISSP exam and has published an audio version of the book online with over a million downloads. He has helped federal agencies and fortune 100 corporations comply with the ever-evolving cybersecurity landscape. As an independent consultant and small business owner for the past 10 years, he successfully completed more than a dozen short to midterm contracts. The knowledge gained from more than 25 different public and private sector environments has afforded him a birds-eye view of this exciting new field. Many of Mr. Parker’s customers and students refer to him as a one-man band in the since that; he can identify the laws, regulations, requirements and policies that an organization must comply with and actually implement the security controls necessary to demonstrate compliance. Donald has developed a STEM program to teach kids and young adults cyber security basics and prepare them for capture the flag competitions.
Are you considering in earning the Security+ certification from CompTIA? A new version of the Security+ exam debuts this fall - version SYS-501. In this webinar, cybersecurity training provider, CyberVista, dissects the structure of the new Security+ exam. We will explain the 6 Domains that comprise the test while also providing valuable strategies for test day.
Not all organizations have or can afford a full-time Chief Information Security Officer (CISO) to address regulatory compliance, security, and privacy and its impact on the IT infrastructure. Then again, many organizations don’t need a CISO full time, but rather on a more limited basis
Tyrone E. Wilson - Founder, and CEO of Cover6 Solutions
We discussed The Metasploit Database. No matter where you are you should have an understanding of your current network environment. One of the best ways to capture, filter, and share network information is with the Metasploit Database. Keynote Speaker(s): Mr. Tyrone E. Wilson – Founder and President of Cover6 Solutions has over 20 years of experience focusing on Information Systems and Network Security. Wilson has extensive expertise in multiple areas of the cyber field including, but not limited to, network defense, cyber threat analysis, penetration testing/vulnerability assessments, and #IPv6. Wilson has a passion for spreading knowledge to all about everything he’s acquired through his years of experience. Disclaimer: Only scan/test network environments in which you have explicit permission to do so. A sample permission memo can be found at Whttp://www.counterhack.net/permission_memo.html
Sam Meisenberg, Head of CISSP Training at CyberVista
Are you considering taking the CISSP exam? The CISSP is considered the industry-leading certification in cybersecurity, but the exam is certainly no cake walk. Strategies for CISSP Exam webinar dissects the structure of the CISSP exam. Hosted by (ISC)2 Approved training provider CyberVista, we will explain the 8 Domains that comprise the test while also providing valuable strategies for test day.
Ken Lloyd, CMDSP's Board members and CTO for Mi3 Security.
ITPG Secure Compliance's Cybercast series proudly presents : CMDSP - Mobile Security for the Mobile IT Administrator.
Come join us for a discussion on the advent of the Mobile IT Administrator position, and how CMDSP is helping organizations improve their enterprise mobility management strategy.
ITPG Secure Compliance has invited Mr. Ken Lloyd, CMDSP's Board members and CTO for Mi3 Security, a leader in Mobile Application Risk Intelligence and Mobile Threat Defense. With 18 years focused on creating powerful Mobile and Security solutions for Enterprises, SMB's and Consumers. Recognized as a Subject Matter Expert (SME) in Mobile Security, Security Awareness and IT Security.
We discussed Human Factors in Cyber Security. The discourse surrounding human performance in cyber security remains a relevant topic; nevertheless, the scientific underpinning remains deficient. Human error is the primary contributing factor that leads to malicious activity in cyber security. Other domains such as aviation, healthcare, and nuclear power have capitalized on human factors to reduce accidents and to identify critical phases of operations; consequently, the cyber security sector trails behind the above-mentioned industries in leveraging human factors.
The aim of this presentation is leveraging organizational culture as a platform to address human factors in cyber security. The continuous integration of technology accompanied by (a) advanced persistent threats, (b) ransomware attacks, (c) data breaches, and (d) cyber-attacks increases and threatens the complexity of cyber security operations.
Included are examples of conceptual processes, models, and frameworks to influence cyber leaders and professionals to mandate the integration of human factors in cyber security.
Dr. Calvin Nobles, Ph.D. is a cyber security subject matter expert (SME), national security leader, researcher, practitioner, and educator with more than 20 years of experience. Culminating a career of military service at the national level in 2017, as a cyber security executive and cyber consultant. He is an adjunct faculty member at the University of Maryland University College and Indian Wesleyan University. Calvin is actively involved in the cyber community, volunteering with multiple professional associations and conducting cyber security research. Calvin is the author of the book, Exploring the Implications of Implementing Technologically Advanced Aircraft in General Aviation.
We discussed Web Application Testing. Web applications provide a vulnerable window into internal enterprises. These applications often process and use poorly validated input. This presentation discusses methodologies to identify and exploit such vulnerabilities within the applications.
The target audience for this talk ranges from those with limited prior knowledge of web application testing to those with a moderate understanding.
Mr. Ben Pick has 8 years of security and development experience including vulnerability assessments of web and mobile applications, analyzing source code for security risks, and configuring architecture to monitor systems for anomalous activities. For the past few years, Ben has worked to incorporate security into DevOps environments by merging security tools within the software development lifecycle. This includes automating static code analysis and vulnerability tools on development environments which act as supplemental resources for manual tests.
Founded in 1999, ITPG Secure Compliance is dedicated to preventing information security breaches that put organizations at risk of noncompliance. Based in Vienna, VA, our subject matter experts are sought-after authorities on PCI DSS, HIPAA Security and Privacy Rule, FERPA and other industry security requirements. Our IT security consultants and virtual CISOs have decades of experience assessing security risks and vulnerabilities, recommending mitigation strategies and mapping remediation plans to strengthen enterprise security posture. We work with corporate, association, and state agency clients that span multiple industries and for multiple resellers. Visit our web site www.itpgsecure.com